Linux Foundation releases secure boot loader

Freeing the way for independent Linux distributions to be installed on Windows 8 computers, the Linux Foundation has released software that will allow Linux to work with computers running the UEFI (Unified Extensible Firmware Interface) firmware.

The Linux Foundation Secure Boot System solves a fundamental problem for many Linux distributions, by providing a way for a Linux-based OS to run on new hardware controlled by UEFI firmware, also known as "secure boot" technology.

Linux Foundation technical advisory board member James Bottomley led the development of the bootloader.

As a potential replacement to the long-used BIOS firmware, UEFI is an industry initiative to secure computers against malware by designing the computer's firmware to require a trusted key before booting the operating system, or any hardware inside the computer, such as a graphics card. UEFI would provide a foundation for a chain of trust that would connect all the way up to the software layer, which could thwart attempts to install illicit, and harmful, software on computers.

Microsoft is requiring UEFI on all machines running Windows 8. While OEMs (original equipment manufacturers) have the option of providing a way to turn off UEFI so other OSes can run on the machine, many in the Linux community fear that OEMs will not provide a UEFI off-switch, thereby not allowing other OSes without a key to run on these machines. A generic Linux distribution will not run on a Windows 8 computer without keys.

The latest releases of many major Linux distributions now include a bootloader or a shim of some sort to work with UEFI, including Ubuntu 12.10 and Fedora 18. This UEFI requirement, however, has been seen as a roadblock for those who like to create their own distributions of Linux. The Linux Foundation bootloader provides a hash code, certified by Microsoft, and support infrastructure to boot a generic Linux kernel.

This is not the first approach someone in the Linux camp has devised for working with UEFI. Security developer Matthew Garrett released his own shim last year. A shim is different from a bootloader in that in that it does not require a signed key from a third party, though this approach is more unwieldy to manage. Garrett and Bottomley are discussing merging Garrett's shim with the Linux Foundation's bootloader.

UEFI has proved to be a challenge to implement even for Microsoft Windows. Garrett also reported that certain Samsung laptops running Windows 8 could permanently stop working due to a bug in how the Samsung firmware stores system crash data in the UEFI storage space.

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Reproduction in whole or in part in any form or medium without express written permission of IDG Communications is prohibited. Copyright 2013 IDG Communications.
ABN 14 001 592 650. All rights reserved.

Contact Us

With over 25 years of brand awareness and credibility, Good Gear Guide (formerly PC World Australia), consistently delivers editorial excellence through award-winning content and trusted product reviews.